Subject: Re: 32 bit fix? (Was Re: Meltdown – Spectre)
From: Dave B
To: Daniel Feenberg
Cc: Ed Maste, freebsd-questions@freebsd.org
Date: Wed, 10 Jan 2018 13:13:43 +0000

Hi.

Many of those appliances are marketed as being able to make your files available to you, even when you're not at home. (Music, photos etc.) They come with crude mobile apps (among other things, to monetize the user) and the security/authentication varies from so-so to nil. (Guess what most users opt for, because "it's difficult" to do it securely.) Remember, we're talking about Joe Public, not a sysadmin!

That, and they either punch holes in the router using UPnP, or people (I know one) place them in a DMZ, again, because it's easy, and "it just works." What else is then exposed, who knows?

The rest, as they say, one day will be history. Using Shodan, it is not difficult to find admin login pages on the public internet, for all sorts of bits of equipment and other gadgetry.

Take care.

Dave B

On 10/01/18 12:37, Daniel Feenberg wrote:
>
>
> On Wed, 10 Jan 2018, Dave B via freebsd-questions wrote:
>
>> Hi Ed.
>>
>> Understood. There's "a lot" of FreeBSD based kit out there, running on
>> 32 bit hardware. A lot of NAS's for one. (I don't suppose any of
>> those commercial "appliances" will ever be updated though.)
>>
>
> Are NAS's a worry? Wouldn't the typical NAS login have root already?
> Why would anyone other than the system admin have a login on the NAS
> box at all? If the NAS isn't used as a web browser or MUA, how would
> the malware get to be run by an unprivileged user?
>
> I understand that the vulnerability can be demonstrated in Javascript,
> but this would be an attack on the client running with the privileges
> of the web browser. That isn't something that would happen on the
> typical system services appliance such as a NAS box, switch, or router.
>
> daniel feenberg
> NBER